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Top Stories 

• Officials released a report June 16 revealing that the Washington Metropolitan Area 
Transit Authority had failed to improve efforts on safety measures for employees following 
a January 12 smoke incident in which 1 woman died and 80 riders sickened. - Washington 
Post (See item 10 ) 

• Researchers identified critical inter-app interaction services and cross-app resource access 
(XARA) vulnerabilities in Apple’s OS X and iOS platforms in which an attacker could use 
sandboxed malware to bypass protections and steal confidential information from affected 
devices. - Help Net Security (See item 25) 

• Federal officials proposed a $100 million fine to AT&T for allegedly violating the 
“Transparency Rule” in the 2010 Open Internet Order. - Forbes (See item 26) 

• Officials reported June 18 that a man who fatally shot and killed 9 people at the Emanuel 
African Methodist Episcopal Church in South Carolina was taken into custody in North 
Carolina June 18. - CNN (See item 27) 
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Energy Sector 



1. June 17, U.S. Department of Labor - (Oklahoma) Open-flame heater likely cause of 
Coalgate oil rig fire; 3 deaths and serious injuries to 2 others, OSHA finds. The 
Occupational Safety and Health Administration cited Dan D Drilling Corp., June 17 
with 10 violations for using an open-flame heater on a rig floor in an incident that 
resulted in 3 deaths in December 2014. Proposed penalties total $221,200. 

Source : 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=28170 

2. June 17, WAFF 48 Huntsville - (Alabama) More than 800 gallons of fuel stolen using 
special device. Officials arrested 2 men June 17 for allegedly being involved in a 
potential multi-state operation that stole more than $2,000 worth of gas from a Decatur, 
Alabama gas station. The suspects used a device that would disconnect the gas pump 
from the cashier in the convenience store, and hide the pumped fuel inside tanks stored 
in their rented truck. 

Source: http://www.waff.com/storv/29345633/more-than-800-gallons-of-fuel-stolen- 
using-special-device 

For another story, see item 6 
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Chemical Industry Sector 

3. June 18, Chattanooga Times Free Press - (Tennessee) Three firefighters taken to 
hospital after chemical fire treated and released. A June 17 fire prompted the 
evacuation of 27 employees at NA Industries factory in Chattanooga, Tennessee after a 
maleic anhydride pipe ruptured, causing HAZMAT and fire crews to respond to the 
incident. Three firefighters were injured and taken to area hospitals for minor injuries, 
and investigators determined there was no threat to the public. 

Source: http ://timesfreepres s . com/new s/local/story/20 1 5/i un/ 1 8/five-firefighters -taken- 
hospital-after-chemic/3 10169/ 

4. June 17, WTVC 9 Chattanooga - (Tennessee) Chlorine leak at Charleston plan shuts 
down river traffic. The Olin Chlor Alkali Products plant in Bradley County, 

Tennessee was temporarily shut down June 17 after a chlorine leak spilled into the 
Hiwassee River, creating a 40-feet chemical cloud over the water and prompting 
officials to stop nearby river traffic. Officials determined there was no danger to the 
public and are investigating the cause of the leak. 

Source: http://www.newschannel9.com/news/top-stories/stories/chlorine-leak-at- 
charleston-plant-shuts-down-river-traffic-18025.shtml 
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Nuclear Reactors, Materials, and Waste Sector 
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Nothing to report 
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Critical Manufacturing Sector 

Nothing to report 
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Defense Industrial Base Sector 

Nothing to report 
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Financial Services Sector 

5. June 17, U.S. Securities and Exchange Commission - (Massachusetts) SEC charges 
investment adviser with fraudulently funneling client assets to companies in 
owner’s interest. The U.S. Securities and Exchange Commission charged Boston- 
based Interinvest Corporation and its owner June 17 with allegedly defrauding 
investors out of up to $12 million after funneling $17 million worth of investments into 
Canadian penny stock companies in which the owner had undisclosed business 
interests. 

Source: https ://www . sec . gov/news/pressrelease/20 15-1 22 .html 

6. June 17, Milpitas Patch - (California) Suspected gas pump identity snatchers 
arrested for luxe shopping sprees in Santa Clara Co. Santa Clara County authorities 
reported June 16 that 4 suspects were charged with allegedly using credit card 
information stolen from gas station pumps to create counterfeit cards in which they 
used to purchase over $500,000 in luxury items at 31 stores in Santa Clara and 1 store 
in Fresno County from August 2014 - February 2015. 

Source: http://patch.com/califomia/milpitas/suspected-gas-pump-identity-snatchers- 
arrested-luxe-shopping-sprees-santa-clara-co 

[ Return to top ] 

Transportation Systems Sector 

7. June 18, WTOP103.5 FM Washington, D.C. - (Washington, D.C.) George 
Washington Parkway remains closed. Northbound George Washington Parkway was 
closed for several hours June 18 while crews cleared the scene of an accident after a 
tour bus experienced an engine problem. No injuries were reported. 

Source: http://wtop.com/sprawl-crawl/2015/06/george-washington-parkway-remains- 
closed/ 
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8. June 18, KWTV 9 Oklahoma City - (Oklahoma) Major rockslide closes part of 1-35 
near Davis. A section of Interstate 35 at mile marker 5 1 in Murray County was shut 
down June 18 while crews cleared up large boulders that fell from a rockslide. No 
injuries were reported. 

Source: http://www.news9.com/storv/29349476/parts-of-i-35-closed-in-murrav-co-due- 
to-large-boulder-fallen-from-mountain 

9. June 17, KTRK 13 Houston - (Texas) Wreck cleared after truck accident and fuel 
spill blocked 1-10. Interstate 10 Katy Freeway at Interstate 45 westbound was shut 
down for 2 hours June 17 due to an accident that involved a semi-truck that overturned 
and spilled 50 gallons of diesel onto the roadway and damaged the concrete barrier. 
Source: http://abcl3.com/traffic/i-10-cleared-after-truck-accident-and-fuel- 

spill/7 90424/ 

10. June 17, Washington Post - (Washington, D.C.) FTA report: there are significant 
flaws in Metro’s safety management system. The Federal Transit Administration 
(FTA) reported June 16 that the Washington Metropolitan Area Transit Authority 
(WMATA) had failed to improve efforts on safety measures for employees, lacked 
adequate training for workers, and found the department severely understaffed with 
authorized drivers, following a January 12 smoke incident in which 1 woman died and 
80 riders sickened. The Government Accountability Office is reviewing Metro 
operations and the National Transportation Safety Board is scheduled to hold hearings 
for two days on the January 12 incident. 

Source: http://www.washingtonpost.com/local/trafficandcommuting/fta-report-metro- 
failed-to-follow-through-on-safety-efforts/2015/06/17/9c8be738-146c-lle5-9518- 
f9eOa8959f32 story.html 
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Food and Agriculture Sector 

11. June 18, U.S. Department of Agriculture - (International) Recall notification report 
093-2015 (poultry products). The U.S. Department of Agriculture reported June 17 
that Pinnacle Foods Group, LLC, a Fayetteville, Arkansas establishment, is recalling 
approximately 668,316 pounds of poultry products due to monosodium glutamate 
(MSG) misbranding. The products were produced from December 2013 - June 2015 
and sent to retail locations in Canada. 

Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-ai'chive/archi ve/20 1 5/mr-093-20 1 5 
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Water and Wastewater Systems Sector 



12. June 18, WHAS 11 Louisville - (Kentucky) Louisville Water issues boil water 
advisory for water main break. Louisville Water issued a boil advisory for 
approximately 33,000 customers June 18 following a 60-inch water main break in 
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Louisville. 

Source: http://www.whas 1 1 ■corn/storv/news/local/communitv/201 5/06/1 8/water-main- 
breaks-near-crescent-hill-treatment-plant/28910613/ 

13. June 17, KWCH 12 Wichita - (Kansas) City of Haven experiencing water outage. 
Residents in Haven, Kansas, were without water for approximately 9 hours following a 
water main break June 17. The city’s Public Works crew is working to restore service. 
Source: http://www.kwch.com/news/local-news/Citv-of-Haven-experiencing-water- 
outage/33629310 

For another story, see item 4 
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Healthcare and Public Health Sector 

14. June 17, McDonough County Voice - (Illinois) MDH Board of Directors hears of 
medical data breach. McDonough District Hospital’s Board of Directors was notified 
June 15 of a security breach which impacted Medical Informatics Engineering’s No 
More Clipboard, which holds sensitive patient information for the hospital. The FBI’s 
Cyber Squad has been conducting an investigation into No More Clipboard as of May 
26, and the company is providing affected clients with protection and fraud services. 
Source: 

http://www.mcdonoughvoice.com/article/20150617/NEWS/150619583/11669/NEWS 

15. June 17, Reuters - (National) Merck to pay $5.9 million for misleading marketing of 
pink eye drug: U.S. Authorities announced June 17 an agreement with Merck & Co., 
regarding claims that its former unit, Inspire Pharmaceuticals, the producer of AzaSite, 
had falsely promoted the conjunctivitis medication for blepharitis without approval 
from the U.S. Food and Drug Administration from 2008 - 2011. 

Source: http://www.reuters.com/article/2015/06/17/merck-lawsuit-settlement- 
idUSLlN0Z32Z820150617 

16. June 17, Health IT Security - (California) Potential PHI data breach at Calif, youth 
center. Approximately 6,800 clients of the Fred Finch Youth Center (FFYC) were 
notified of a break-in which was discovered April 6 at one of its San Diego County 
locations, where computer equipment holding sensitive information such as full names, 
Social Security numbers, birth dates, treatment information, and Medi-Cal account 
numbers, was stolen. There is no evidence of any access to client information, and 
FFYC is providing at-risk individuals with identity protection services. 

Source: http://healthitsecurity.com/news/potential-phi-data-breach-at-calif.-youth- 
center 

17. June 17, Rock Hill Herald - (South Carolina) Lancaster County alerting EMS 
patients about missing personal information. Emergency services patients were 
notified by officials June 15 of a possible security breach after a safe was discovered 
missing from a Lancaster County building April 16. The safe contained several 
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unencrypted flash drives and hard drives which may have included sensitive personal 
and medical information for all EMS patients since 2004, although county officials 
have stated there is no evidence the information has been used. 

Source: http://www.heraldonline.com/news/local/article24789217.html 



[ Return to top ] 



Government Facilities Sector 

18. June 17, CNN - (National) OPM inspector general questioned over hacking report. 

The U.S. Office of Personnel Management’s (OPM) inspector general released 
testimony to the House Oversight Committee June 15 revealing that large portions of 
OPM’s critical and sensitive databases had failed to meet Federal security standards in 
audits completed months before the breach all of the way back to 2007. 

Source: http://www.cnn.com/2015/06/16/politics/opm-hack-ig-testimony/ 

1 Return to top i 

Emergency Services Sector 

19. June 18, NJ.com - (New Jersey) Newark captain denies mining personal info from 
police database. Essex County officials have charged the Newark city police captain 
and a fellow officer June 16 with 2 counts of computer theft and 1 count of conspiracy. 
Both men are accused of allegedly accessing a law enforcement database and illegally 
using its personal information to sell to third parties. 

Source : 

http://www.ni.com/essex/index.ssf/2015/06/newark police captain charged in data t 
heft denies.html 

20. June 18, The Idaho Statesman - (Idaho) Idaho firebug firefighter ordered to pay 
$2.3M for wildfire. Authorities ordered a paroled Clear Creek volunteer firefighter 
June 18 to pay $2.3 million in restitution for allegedly setting a 2012 wildfire that burnt 
1 home and destroyed 440 acres. 

Source : http://www.firehouse.com/news/14011Q88/clear-creek-wildfire-firebug- 
ordered-to-pay-23m 

21. June 18, Dayton Daily News - (Ohio) Ohio Lt. fired amid sexual harassment 
allegations. A Sugarcreek, Ohio fire department lieutenant was fired by the township 
board of trustees June 17 after an independent investigation found 15 violations of 
sexual and verbal harassment against a former employee. The man will appeal the 
decision, which also led to the resignation of two other firefighters involved in the 
violations. 

Source : http://www.firehouse.com/news/14011085/ohio-lt-fired-amid-sexual- 
haras sment- alle gations 

22. June 17, Lansing State Journal - (Michigan) 911 service restored in southern 
Clinton County. 911 services were restored to Clinton County, Michigan and 
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surrounding areas June 17 after a fiber optic telephone line was cut earlier in the day. 
Residents were without service for a number of hours. 

Source : http://www.lansingstateiournal.com/storv/news/local/2015/06/17/clinton- 
service-disrupted/28868729/ 
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Information Technology Sector 

23. June 18, Help Net Security - (International) Reddit announces switch to HTTPS- 
only. Reddit Web site developers reported that starting June 29, the site will only be 
accessible over hypertext transfer protocol secure (HTTPS) encrypted connections 
served via the company’s CloudFlare content delivery network (CDN). 

Source: http://www.net-securitv.org/secworld.php?id= 18526 

24. June 18, Securityweek - (International) Drupal security updates patch several 
vulnerabilities. Drupal developers released updates patching open redirect, 
information disclosure, and access bypass vulnerabilities in versions 6 and 7 of its open 
source content management software (CMS). 

Source: http://www.securitvweek.com/drupal-securitv-updates-patch-several- 
vulnerabilities 

25. June 17, Help Net Security - (International) Unpatched OS X, iOS flaws allow 
password, token theft from keychain, apps. Researchers from three universities 
identified critical inter-app interaction services and cross-app resource access (XARA) 
vulnerabilities in Apple’s OS X and iOS platforms in which an attacker could use 
sandboxed malware to bypass protections and steal confidential information from 
affected devices. 

Source: http://www.net-securitv.org/secworld.php?id= 18523 
For another story, see item 18 



Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 



26. June 18, Forbes - (National) FCC plans to fine AT&T $100 million for throttling 
data speeds. The Federal Communications Commission (FCC) is fining AT&T for 
allegedly failing to adequately notify its customers that they could receive speeds 
slower than the normal networks that were advertised which violates the “Transparency 
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Rule” in the 2010 Open Internet Order. The proposed fine is $100 million, the largest 
fine proposed by the FCC. 

Source: http://www.forbes.com/sites/amitchowdhrv/2015/06/18/fcc-fines-att-100- 
million-for-throttling-data-speeds/ 

For another story, see item 22 
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Commercial Facilities Sector 

27. June 18, CAW - (South Carolina) Charleston church shooting suspect arrested in 
North Carolina. Charleston police reported June 18 that a man fatally shot and killed 9 
people at the Emanuel African Methodist Episcopal Church in South Carolina, after 
attending a Bible study class with the victims June 17. Officials reported the shooter 
was taken into custody in North Carolina June 18. 

Source: http://www.cnn.com/2015/Q6/18/us/charleston-south-carolina-shooting/ 

28. June 18, Associated Press - (Arizona) Brush fire near small Arizona town forces 
evacuation of 300 residents. A June 17 bush fire prompted the evacuation of a trailer 
park and 300 residents in Keamy, Arizona as it damaged and spread to rural areas. 
About 200 firefighters contained the incident and the cause of the fire is under 
investigation. 

Source: http://www.startribune.com/arizona-brush-fire-forces-300-residents-from- 
homes/308 108221/ 
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Dams Sector 



Nothing to report 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 



About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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